Privacy Policy for ID Prove 300 OTP

We have developed this mobile application based on a One-Time Password (OTP) technology allowing a secure and convenient authentication to internet services via an OTP server.

3- Location of the OTP server?

Depending of the terms of the contract between us and your organization that acquires the OTP service, the OTP server can be located at the premises of your organization or in our data center located in Ottawa (Ontario - Canada).

4- Information collected by the Application

To activate the OTP service via the mobile application you will have to enter a PIN number, registration code, or OTP server URL. This information is entered by you to authenticate and to register to the OTP server of your organization. You also have the option to perform the activation via QR code.

5- Information that could be automatically collected by the Application

Information automatically collected

Reasons for the automatic collection

Read phone status and identity

It allows to identify the phone and to derive some parameters used for security functions

Take picture and videos

It lets the app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.

Modify, read or delete the content of the SD card

The SD card is used to store some logs used for debugging or maintenance purpose

Find accounts on the device

This is required by GCM service while getting unique device ID.

View network connections

This is required for accessing ConnectivityManager (mainly for monitoring network connections in general)

View WiFi connections

Allows the app to view information about wi-fi networking, such as whether wi-fi is enabled.

Control flashlight

This allows apps to turn on or off the LED "flash" light used by the camera

Prevent phone from sleeping

This is required to keep processor from sleeping, in our case we are using WakefulBroadcastReceiver for handling push notifications, which keeps the processor from sleeping until the push notification message is processed.

6- Third parties access to information obtained by the Application

Third parties do not have access to the information obtained by the Application.

7- Sharing of data with third parties

We share information with your organization that has acquired the OTP service. We may also disclose personal information to respond to legal requirements (for example, in response to requests by federal, state or local authorities, including tax authorities, subpoenas, court orders or other legal process) or in the good-faith belief that disclosure is legally required, enforce our policies, establish or exercise our legal rights or protect anyone's rights, property or safety.

8- Sharing of data for marketing purposes.

We do not share the data for marketing or advertizing purpose.

9- Security and Retention

If your information is stored on our servers located in Ottawa (Ontario - Canada): we treat data as an asset that must be protected and use tools (encryption, passwords, physical security, etc.) to protect your personal information against unauthorized access and disclosure. However, as you probably know, third parties may unlawfully intercept or access transmissions or private communications, and other users may abuse or misuse your personal information that they collect from the site. Therefore, although we work very hard to protect your privacy, we do not promise, and you should not expect, that your personal information will always remain private.

We retain information in accordance with the duration of the agreement with your organization. In addition, we may retain personal information from closed accounts to comply with the law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce the agreement and take other actions permitted by law.